Use constant parameters for argon key generation #3283
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# DOCS: | |
# 1. https://help.github.com/en/articles/workflow-syntax-for-github-actions | |
# 2. https://github.com/mvdan/github-actions-golang/issues/22 | |
# 3. https://github.com/stellar/go/blob/master/.github/actions/setup-go/action.yml | |
# 4. https://github.com/stellar/go/blob/master/.github/workflows/go.yml | |
# 5. https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds | |
# 6. https://github.com/golang/go/issues/58571 | |
name: ong ci | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
jobs: | |
check_release_notes: | |
name: check_release_notes | |
timeout-minutes: 1 | |
strategy: | |
matrix: | |
go-version: ['>=1.23.0'] | |
platform: [ubuntu-22.04] | |
runs-on: ${{ matrix.platform }} | |
steps: | |
# checkout main branch and the current branch so that we are able to do diff operations. | |
- name: checkout main branch too. | |
uses: actions/checkout@v3 | |
with: | |
ref: main | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v3 | |
# https://docs.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions | |
- name: check if changes have release notes | |
if: ${{ github.ref != 'refs/heads/main' }} | |
env: | |
GIT_BRANCH: ${{ github.ref }} | |
GITHUB_HEAD_REF: ${{ github.head_ref }} | |
GITHUB_BASE_REF: ${{ github.base_ref }} | |
run: | | |
printf "GIT_BRANCH: $GIT_BRANCH \n" | |
printf "GITHUB_HEAD_REF: $GITHUB_HEAD_REF \n" | |
printf "GITHUB_BASE_REF: $GITHUB_BASE_REF \n" | |
printf "list git branches: \n" | |
git branch --list --all | |
if [[ "$GIT_BRANCH" == "refs/heads/main" ]] | |
then | |
printf "\n $GIT_BRANCH branch, ignoring check for relese notes \n" | |
elif [[ "$GIT_BRANCH" == *"refs/tags/"* ]] | |
then | |
printf "\n $GIT_BRANCH branch, ignoring check for relese notes \n" | |
else | |
ChangedFiles=`git diff --name-only remotes/origin/main` | |
echo $ChangedFiles | |
case "$ChangedFiles" in | |
*CHANGELOG.*) | |
printf "\n Thanks, your commits include update to release notes. \n";; | |
*) | |
printf "\n You should add release notes to CHANGELOG.md \n" && exit 77;; | |
esac | |
fi | |
run_tests: | |
name: run_tests | |
timeout-minutes: 7 | |
strategy: | |
matrix: | |
go-version: ['>=1.23.0'] | |
platform: [ubuntu-22.04] | |
runs-on: ${{ matrix.platform }} | |
steps: | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v3 | |
- name: Set up Go | |
uses: actions/setup-go@v4 # since v4, it added cache by default. | |
with: | |
go-version: ${{ matrix.go-version }} | |
- name: tests and benchmarks | |
run: | | |
ulimit -a | |
env | |
set -x | |
go test -timeout 1m -race -run=XXXX -bench=. ./... | |
go test -timeout 4m -race -cover -coverprofile=coverage.out -shuffle on -count=2 ./... | |
go tool cover -html=coverage.out -o coverage.html | |
go tool cover -func=coverage.out | |
wget -nc --output-document=/tmp/codecov https://github.com/codecov/uploader/releases/download/v0.3.5/codecov-linux | |
chmod +x /tmp/codecov | |
/tmp/codecov | |
env: | |
ONG_RUNNING_IN_TESTS: 'YES' | |
run_analysis: | |
name: run_analysis | |
timeout-minutes: 8 | |
strategy: | |
matrix: | |
go-version: ['>=1.23.0'] | |
platform: [ubuntu-22.04] | |
runs-on: ${{ matrix.platform }} | |
steps: | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v3 | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ matrix.go-version }} | |
- name: install apt and pip deps | |
run: | | |
pwd; ls -lsha | |
sudo apt -y update | |
sudo apt -y install wget | |
- name: install tools | |
run: | | |
set -x | |
go install honnef.co/go/tools/cmd/staticcheck@latest | |
go install github.com/securego/gosec/cmd/gosec@latest | |
go install github.com/quasilyte/go-ruleguard/cmd/ruleguard@latest | |
# go install github.com/orijtech/structslop/cmd/structslop@latest | |
go install github.com/orijtech/httperroryzer/cmd/httperroryzer@latest | |
go install golang.org/x/tools/cmd/stress@latest | |
go install golang.org/x/tools/cmd/goimports@latest | |
go install golang.org/x/tools/go/analysis/passes/shadow/cmd/shadow@latest | |
go install golang.org/x/tools/go/analysis/passes/nilness/cmd/nilness@latest | |
go install github.com/kisielk/errcheck@latest | |
go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest | |
go install mvdan.cc/gofumpt@latest | |
go install golang.org/x/vuln/cmd/govulncheck@latest | |
go install github.com/mdempsky/unconvert@latest | |
go install github.com/zricethezav/gitleaks/v8@latest | |
go install gvisor.dev/gvisor/tools/checklocks/cmd/checklocks@latest | |
/home/runner/go/bin/staticcheck -version | |
env: | |
SOME_ENV_VAR: '2020.1.6' | |
- name: static analysis | |
run: | | |
set -x | |
diff <(gofmt -d .) <(printf "") | |
diff <(gofumpt -extra -w -d .) <(printf "") | |
diff <(goimports -d .) <(printf "") | |
go vet -all ./... | |
go vet -vettool=/home/runner/go/bin/shadow -strict ./... | |
go vet -vettool=/home/runner/go/bin/nilness -test ./... | |
# /home/runner/go/bin/checklocks -test=false ./... | |
/home/runner/go/bin/staticcheck -tests ./... | |
/home/runner/go/bin/govulncheck ./... | |
# /home/runner/go/bin/gosec ./... # does not seem to work with Go1.21 | |
# /home/runner/go/bin/structslop ./... # needed once in a while. | |
# /home/runner/go/bin/httperroryzer ./... # re-enable after https://github.com/komuw/ong/issues/410 | |
# see: https://github.com/golang/go/commit/a98589711da5e9d935e8d690cfca92892e86d557 | |
/home/runner/go/bin/errcheck -ignoregenerated -ignoretests -asserts ./... | |
/home/runner/go/bin/unconvert -v ./... | |
/home/runner/go/bin/gitleaks detect . -v --no-git --baseline-path .gitleaksignore | |
# To create the gitleaksignore file, run; | |
# rm -rf .gitleaksignore; gitleaks detect . --no-git --report-path .gitleaksignore | |
# dont use golangci-lint | |
# see: https://twitter.com/dominikhonnef/status/1394766501157167112 | |
# | |
# In our case we need to use it so that we can be able to use `nolint:gocritic` in the errors package. | |
# | |
wget -nc --output-document=/tmp/semgrep-go.zip https://github.com/dgryski/semgrep-go/archive/refs/heads/master.zip | |
unzip -o /tmp/semgrep-go.zip -d /tmp/semgrep-go | |
go get github.com/quasilyte/go-ruleguard/dsl | |
golangci-lint run --config .golangci.yml ./... | |
go mod tidy | |
python -m venv /tmp/.venv | |
. /tmp/.venv/bin/activate | |
python -m pip install --trusted-host files.pythonhosted.org --trusted-host pypi.org --trusted-host pypi.python.org semgrep | |
semgrep -f /tmp/semgrep-go/semgrep-go-master/ --error . | |
deactivate | |
# An alternative it to do: | |
# semgrep -f https://semgrep.dev/r/dgryski.semgrep-go --exclude="*_test.go" . | |
# deadlock detection | |
# https://github.com/cockroachdb/cockroach/issues/7972 | |
go get -u github.com/sasha-s/go-deadlock | |
find . -name "*.go" | xargs -n 1 sed -i.backup 's/sync.RWMutex/deadlock.RWMutex/' | |
find . -name "*.go" | xargs -n 1 sed -i.backup 's/sync.Mutex/deadlock.Mutex/' | |
find . -name '*.backup' -delete | |
/home/runner/go/bin/goimports -w . | |
go test -timeout 4m -race ./... | |
go mod tidy | |
# TODO: add https://github.com/system-pclub/GCatch | |
env: | |
ONG_RUNNING_IN_TESTS: 'YES' | |
# https://go.dev/testing/coverage/ | |
integration_test_coverage: | |
name: integration_test_coverage | |
timeout-minutes: 3 | |
strategy: | |
matrix: | |
go-version: ['>=1.23.0'] | |
platform: [ubuntu-22.04] | |
runs-on: ${{ matrix.platform }} | |
steps: | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v3 | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ matrix.go-version }} | |
- name: whole program coverage | |
run: | | |
set -x | |
pwd; ls -lsha | |
sudo apt -y update | |
sudo apt -y install libnss3-tools jq # certutil | |
mkdir -p coverage/ | |
rm -rf coverage/* ongExample | |
go build -cover -o ongExample github.com/komuw/ong/example | |
GOCOVERDIR=coverage/ ./ongExample > logs_one.json 2>&1 & | |
sleep 10 && kill -15 $(pidof ongExample) | |
{ # try | |
kill -9 $(pidof ongExample) | |
} || { # catch | |
echo -n "" | |
} | |
cat logs_one.json | |
GOCOVERDIR=coverage/ ./ongExample > logs_two.json 2>&1 & | |
sleep 10 | |
cat logs_two.json | |
ls -lsha coverage/ | |
ss --listening --processes --query=tcp,udp | |
go test -timeout 4m -race --tags=integration github.com/komuw/ong/example -v | |
kill -15 $(pidof ongExample) | |
{ # try | |
kill -9 $(pidof ongExample) | |
} || { # catch | |
echo -n "" | |
} | |
ls -lsha coverage/ | |
go tool covdata percent -i=coverage | |
env: | |
ONG_RUNNING_IN_TESTS: 'YES' | |
ONG_EXAMPLE_TESTS_BASIC_AUTH: "super-h@rd-Pas1word" # Ought to be same value as used in /example/main.go | |
# run_stress_test: | |
# name: run_stress_test | |
# timeout-minutes: 2 | |
# strategy: | |
# matrix: | |
# go-version: ['>=1.23.0'] | |
# platform: [ubuntu-22.04] | |
# runs-on: ${{ matrix.platform }} | |
# steps: | |
# - name: Set up Go | |
# uses: actions/setup-go@v4 | |
# with: | |
# go-version: ${{ matrix.go-version }} | |
# - name: stress test | |
# run: | | |
# go install golang.org/x/tools/cmd/stress@latest | |
# go test -o ong.test -c -race | |
# /home/runner/go/bin/stress -timeout 10s ./ong.test |